General
- Target: 4f140797fa904582e8422edd3bc1c661b72a1a1ee23a329173017e20901e25ca
- Size: 314KB
- Sample: 211127-l4s52aaabl
- MD5: e7f606299a819430be235ed185050de1
- SHA1: 73a88c1712d1c91731f7557c4a023b1599c5ac6c
- SHA256: 4f140797fa904582e8422edd3bc1c661b72a1a1ee23a329173017e20901e25ca
- SHA512: cc78cd7711c2eaa7ed3ba52f77fdb02096bca1c35dbfff3576aa72d7273dfb7fa388b51c605188c7c66fa2cdc7d4d48b6d1652bc390de5e91ec2a97455e95c12
Static task: static1

Malware Config
Extracted: tofsee
- quadoil.ru
- lakeflex.ru
Targets
- Target: 4f140797fa904582e8422edd3bc1c661b72a1a1ee23a329173017e20901e25ca
- Size: 314KB
- MD5: e7f606299a819430be235ed185050de1
- SHA1: 73a88c1712d1c91731f7557c4a023b1599c5ac6c
- SHA256: 4f140797fa904582e8422edd3bc1c661b72a1a1ee23a329173017e20901e25ca
- SHA512: cc78cd7711c2eaa7ed3ba52f77fdb02096bca1c35dbfff3576aa72d7273dfb7fa388b51c605188c7c66fa2cdc7d4d48b6d1652bc390de5e91ec2a97455e95c12
Signatures
- suricata: ET MALWARE DNS Query Sinkhole Domain Various Families (Possible Infected Host)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext